MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c4cae107e564fc8740bf7e2e3ef86a3ead01657705b6bb40f5fa0949b79b4db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



MassLogger


Vendor detections: 3



SHA256 hash: 5c4cae107e564fc8740bf7e2e3ef86a3ead01657705b6bb40f5fa0949b79b4db
SHA3-384 hash: 0b93c7e5174f0c4e841d712f5c3a2ed7aae6df8dd43e06f51f1285cb694880d94887027cf3bebd2ab764c4f98c0c246b
SHA1 hash: 2a87aeee848fd8a7760294767a0c1f07a8236e2b
MD5 hash: 9f97ed4f5a979d5174dba387706399ed
humanhash: alabama-fifteen-mobile-utah
File name: 0898665653T.GZ
Signature: MassLogger
File size: 662'601 bytes
First seen: 2020-05-20 11:40:20 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:YWsdv1E48Zn1KsWRoEv6Z5JThJ1F/TjfgimWRYZYxgcAz97YhCa+3QbQVEBBbwEW:YDdWV1DWiy6zJ9zFbjfgZFu+cQ97FVAC
TLSH: BAE423EE2413B0FDD4A7C4520A06589DDCDA49D3731F10B1756CE2ACFB2A98D09B788E
Reporter: abuse_ch
Tags: BBVA ESP geo gz MassLogger


abuse_ch
Malspam distributing MassLogger:

HELO: forward.a.hostedemail.com
Sending IP: 216.40.42.17
From: BBVA-Confirming Cesión de Créditos <Confirmlng.bbva@bbva.com>
Subject: Confirming de BBVA de Créditos
Attachment: 0898665653T.GZ (contains "0898665653T.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-05-20 12:32:28 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

gz 5c4cae107e564fc8740bf7e2e3ef86a3ead01657705b6bb40f5fa0949b79b4db (this sample)

Dropping: MassLogger
Delivery method: Distributed via e-mail attachment

Comments